On 03/13/2010 05:47 PM, Daniel Convissor wrote: > On Sat, Mar 13, 2010 at 04:28:21PM +0100, Hannes Magnusson wrote: >> >> Just install the root cert from http://www.cacert.org > > Someone I trust regarding security issues said the following recently > about doing such: > > I note that as of 2009-01-05 evidently CAcert began requiring not just > "can you get email" but any one of four other checks of identity as > well. Unfortunately, it doesn't look as if they retired their old > root CA at that time (an issue also raised by Ubuntu). What that > means is that trusting CAcert's root means trusting a lot of certs > out there that could trivially have been obtained under false > pretenses. Very bad.
I don't see how that is all that relevant here. Our certs are fine and can be trusted and provides the encryption we need. If you don't want to trust other cacert-based ones don't install the root and just tell your browser to accept the php.net ones permanently. -Rasmus